Salesforce Multi-Factor Authentication (MFA) Requirement Explained

Salesforce Multi-Factor Authentication (MFA) Requirement Explained.

1. What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is a secure authentication method that requires users to prove their identity by supplying two or more pieces of evidence (or factors) when they log in. One factor is something the user knows, such as their username and password. Other factors include something the user has, such as an authenticator app or security key. By tying user access to multiple types of factors, MFA makes it much harder for common threats like phishing attacks and account takeovers to succeed.

2. What is the difference between Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA)?

Both MFA and 2FA are used to protect against unauthorized access by requiring a user to provide multiple authentication factors to prove their identity. The key difference between them is MFA requires two or more factors, where as 2FA requires only two factors.

3. Which Salesforce products support Multi-Factor Authentication?

These Salesforce products include multi-factor authentication (MFA) support:

All products built on the Salesforce Platform, including:
- Sales Cloud
- Service Cloud
- Analytics Cloud
- B2B Commerce Cloud
- Experience Cloud
- Industries products (Consumer Goods Cloud, Education Cloud, Financial Services Cloud, Government Cloud, Health Cloud, Manufacturing Cloud, Nonprofit Cloud, Philanthropy Cloud)
- Marketing Cloud–Audience Studio (formerly DMP)
- Marketing Cloud–Pardot
- Platform
- Salesforce Essentials
- Salesforce Field Service
- Partner solutions
B2C Commerce Cloud
Heroku
Marketing Cloud–Datorama
Marketing Cloud–Email Studio, Mobile Studio, and Journey Builder
Marketing Cloud–Social
MuleSoft Anypoint Platform
Quip Starter, Quip Plus, and Quip Advanced
Tableau Online

4. What is Salesforce Multi-Factor Authentication (MFA) requirement?

As of February 1, 2022, Salesforce is requiring MFA for all users who log in to the Salesforce UI. Salesforce Admins still have options to disable Multi-Factor Authentication if their users are not ready yet. For each of your Salesforce products, you’ll receive notice before auto-enablement goes into effect — with a minimum of six months notice before MFA is enforced.

5. Which verification methods satisfy the Salesforce MFA requirement?

Following methods satisfy Salesforce MFA requirement:

Salesforce Authenticator mobile app (available on the App Store® or Google Play™)
Time-based one-time passcode (TOTP) authenticator apps, like Google Authenticator™, Microsoft Authenticator™, or Authy™
Security keys that support WebAuthn or U2F, such as Yubico’s YubiKey™ or Google’s Titan™ Security Key
Built-in authenticators, such as Touch ID®, Face ID®, or Windows Hello™

6. Which verification methods do not satisfy Salesforce MFA requirement?

Following verification methods do not satisfy Salesforce MFA requirement:

Delivering one-time passcodes via the following options:
- Email messages
- Text messages
- Phone calls
Security questions
Trusted devices, Trusted networks, or VPN

7. What if my organization is using Single Sign-On (SSO)?

The MFA requirement applies to all users who access a Salesforce product’s user interface, whether by logging in directly or via SSO. If your organization is using SSO you can use your SSO provider’s MFA service provided it meets Salesforce MFA requirement.

8. Is MFA required for accessing Sandbox environments?

No. MFA is not required for accessing Sandbox environments except sandbox environments for B2C Commerce.

9. How can I verify that my MFA implementation satisfies the Salesforce MFA requirement?

You can use the MFA Requirement Checker, which guides you through a few questions to see if your implementation meets the requirement.

10. Additional Resources

Multi-Factor Authentication (MFA) adds an extra layer of security to prevent bad actors from accessing your data. Salesforce MFA requirement is definitely a step in the right direction.